ripr: Package Binary Code

ripr is a tool that helps you rip functionality out of binary code and use it from Python. It accomplishes this by pairing the Unicorn Engine with Binary Ninja. Currently, x86, x64, and ARM are supported and work to a reasonable degree.

Reimplementing functionality is a common, often time-consuming, and sometimes arduous process that comes up frequently during reverse engineering. A few examples:

A CTF challenge has a custom encoding/decoding scheme you need to use in your solution script

A piece of malware uses a custom hashing or encryption function you need to implement

You need to make sure your reimplementation behaves exactly as it would on the original architecture

ripr attempts to automatically generate a Python class that is functionally identical to a selected piece of code by statically gathering sufficient information and wrapping it all into a "harness" for the Unicorn emulator.

For some concrete examples (that are much easier to grok), check out the sample folder!